E-mail updates
Follow on Twitter
Subscribe to RSS
AP
In addition to all of your personal information, most of us have business email and contacts on our phones.
Security experts predict 2012 will be a breakthrough year for cyber-attacks on smartphones. There are now enough of these mobile computers in use to make them an inviting target.
“Shopping and mobile banking are things that are going to leave a trail and contain lots of goodies that criminals can go after,” says Rachel Ratcliff Womack with the digital security firm Stroz Friedberg.
In addition to all of your personal information, you probably have business email and contacts on your phone.
“It brings those two worlds together in a very convenient package for criminals to target,” Womack says.
Not only are they loaded with all sorts of personal information a crook would like to steal, most smartphones are also completely unprotected.
The subject of malicious cell phone attacks has been greatly hyped the last few years. But during 2011 it became clear that this is a real threat that must be taken seriously.
“We are only at the beginning of the wave,” says James Lyne, director of technology strategies at Sophos, an international firm that specializes in online security for businesses. “We’ve definitely got to start worrying about security on mobile devices.”
But people don’t seem to have the same security concerns with their smartphones that they do with their PCs.
“The problem is that users may view these devices as eminently secure, when in reality they are just waiting to receive more attention from cyber-criminals,” Lyne says.
All smartphones can have security vulnerabilities, but right now most mobile malware is aimed at Android devices. That’s because Android powers more devices and it’s an open platform, which makes it’s easier for the bad guys to distribute their malicious software.
In a new report, Lookout Mobile Security estimates that Android users lost more than a million dollars to cyber-thieves last year. The company says the annual risk of encountering malware on an Android device is now 4 percent, up from 1 percent at the beginning of 2011.
“In 2012, we expect to see the mobile malware business turn profitable,” says Kevin Mahaffey, Lookout’s chief technology officer. “What took 15 years on the PC platform has only taken the mobile ecosystem two years.”
What are the threats?
Mobile malware can do all sorts of things. It can spy on you, run up your wireless bill or steal your personal information.
“The things they are doing on PCs, they’re also doing on smartphones — and even more,” says Gary Davis with McAfee Labs.
- There are banking Trojans that will intercept financial transactions with your bank and then use that information to drain your bank account.
- Other malware can send text messages to premium SMS services without your knowledge. You wind up with a huge bill at the end of the month for text messages your phone sent.
- Spyware can harvest information about the places you go and when. It can also record phone conversations and forward them to the attacker.
- Quick Response codes (those black-and-white squares starting to show up in all sorts of ads) can also pose a security risk. Internet security company Kaspersky Lab recently reported that it found QR codes can link to malicious text messages or websites.
- And of course, you can always click on a malicious link yourself or be tricked into giving out your personal information via a phishing scam directed to your cell phone.
What can you do to protect yourself?
The first security software for smartphones is now available and more will soon hit the market.
McAfee is working on a product that analyzes the “permissions” an app wants from your device and warns of possible threats. For example, a flashlight app doesn’t need to look at your location or your phone book. If the security software found a flashlight app asking for access to that information, it would flag it.
But do you really need security software for your mobile devices?
“We don’t think that people have to install yet another program for security on their phones, at least not now,” says Paul Reynolds, electronics editor at Consumer Reports. “Probably the biggest security threat is losing your phone.”
Security expert Lyne agrees. He says mobile security today is about the basics: have a decent password, use encryption and make sure your device is patched — running the latest versions of both apps and the phone operating system.
But he says in the next year to 18 months, you probably will need to seriously consider security software, especially if you use your smartphone for shopping or banking.
You also need to be careful about the apps you install. Think before you download. Check reviews. Be skeptical.
“Stick with the major apps and the major app stores,” advises Rachel Ratcliff Womack.
If you go to Amazon or the iTunes store, your chances of getting malware are relatively low, but still possible. You run a greater risk at the Android Market.
More information:
McAfee: Top Five Tips to Avoid Bad Apps
Sophos: Mobile Security Toolkit
Sophos: 7 Tips for Securing Mobile Workers
Leave a Comment:
This article did not tell you how to protect your phone- just to stay updated on software. That's not enough. Tell us what software is out there to encrypt it, to protect the data, etc. Give us some options.
As far as I'm concerned; the mobile phone manufacture and the phone's "Service Provider" (AT&T, T-Mobile, Sprint, Verizon "et al") should be held responsible for any "security" breach on the phone. There should be pre-installed security software on every mobile device.
To me, the most important thing is to enable password or PIN protection for the phone. That way, if the phone is misplaced or stolen, whoever gets it would have to enter the correct password or PIN to make calls. With the version of Android I have (2.2=Froyo), it's done with Menu, Settings, Location & Security, Change Screen Lock. Then you can choose "None", "Pattern", "PIN", or "Password". I use "PIN", because it's easier with my clumsy keyboard to just enter numbers. This is less secure than a password that contains letters and numbers though.
I was originally hesitant to do this because I wrongly thought I'd need to enter the password just to answer an incoming call when the phone is locked. This would be pretty darned challenging, especially with a long password. But the way my Android phone works is that you can answer the call immediately without entering the password even when the phone is locked, but as soon as you hang up the phone is again in a locked state.
The other thing is, I have so many passwords for so many web sites and other things that I can't keep track of them all. If your computer or laptop is running Windows, there's a free program you can use called 4Uonly that allows you to list all your user names, passwords and the site or service to which they belong and comments. It's usually configured with a single master password that allows access to the program, although the default does not require the password for access. I chose this program over others because of its simplicity. Other password managers promise to "streamline your shopping experience" and other such baloney. All I want is a common place to store all my passwords, allowing access to all of them with just a single password.
If you're running Windows you can just put all your passwords, etc. in a Word file, store that file in a folder, and encrypt the folder. Then you're the only one with access.
@Mal'achi
and have them block my porn????! YOUR A CRAZY MAN!
I hope we start talking about Mobile Device Privacy.
MIAmobi SilentPocket addresses this issue and many more problems associated with mobile devices. There are over 500,000 mobile app developed for smartphones, many of which are stealth and are ease dropping on your every move capable of turning on functions on your phone like your mic, camera, GPS, address book and more, even when it has been turned off. There is only one sure way to stop this if you really want to know for sure that you have control of your mobile device is to block all wifi coming in or going out.
But we don’t all have to be worried about that do we. The conveyance of instantly silencing your phone or putting the phone away when getting in your car without having to powering it down. (out of site out of mine) may save a few lives in 2012. "Empower Yourself" Website http:/www.mia-mobi.com/
Kaspersky has one...any they are mentioned in this article. However, go and Google "sceurity software for smartphones" and see what comes up. Then read for yourself some of the links you find there.
Most anti-virus programs don't work well with malware or code that appears safe but isn't. This may curve downward some expectations on M-commerce should viruses move quite hard against handhelds.
And this right here? Is why I'm perfectly happy with my old talk/text phone.
NO WAY BROKOWSKI
The more I hear about these things, the more I think I shouldn't get one.
Where is Steve Jobs when you need him?
you already downloaded how many apps from how many places. One of them is already tracking your movements - my son uses his when they play "kick the can" and it shows him where his friends are standing. Providing your other details back to someone else, already there just waiting to be activated
Easy solution, don't jail break your iphone and your pretty much good, Android fans on the other hand it's not as easy. Thats the crux of an "open" environment
According to WSJ (17DEC2010 issue), Pandora and Angry Birds are currently some of the worst data-harvesting offenders, and they're not hackers trying to break-in to your phone, they're invited apps that you paid for! They freely send information from your phone, including your phone data, contact information, and GPS location tracking data about you, to advertisers without asking permission.
Crooks can break into anything if they want to bad enough. Your house, computer, car, whatever. All you can do, is be smart about what you do with your phone. Make banking transactions? I never will. Keep sensitive information on it? I never will. Just be smart. The "cooler" the phone it appears the more vulnerable you are.
Leave it to Google to market the Android mobile OS to practically every smartphone, but not create any security measures. It comes down to greed. Google makes $220 billion a year, and who knows how much of that comes from licensing of the Android operating system. With all that money they're unable to have their engineers create security measures with Android? Even Microsoft, who Google likes to criticize as being evil, offers security updates and now even free security software. This is why Google's pc OS Chrome was/is a joke.